ZKSync Recovers $5M in Crypto After Hacker Accepts 10% Bounty

Summary:

• ZKSync successfully recovered $5 million worth of tokens after a hacker returned the stolen assets.
• The hacker accepted a 10% bounty in exchange for returning 90% of the stolen tokens.
• The hack occurred on April 15, 2025, via a compromised admin key that minted 111 million ZK tokens from unclaimed airdrop reserves.
• The recovered tokens were returned within the platform’s 72-hour “safe harbor” window, with governance now deciding the next steps.
• ZKSync’s security measures, including transaction filtering, helped prevent further misuse of the compromised addresses.

ZKSync’s Swift Recovery: A Rare Win for Crypto Security

ZKSync, a prominent Layer 2 scaling solution for Ethereum, has made a remarkable recovery after a hacker exploited a vulnerability in its system. On April 15, 2025, the platform fell victim to a breach involving a compromised admin key. This allowed the attacker to mint approximately 111 million ZK tokens, valued at around $5 million, from unclaimed airdrop reserves. The hack affected only three specific airdrop contracts, with no core protocol systems or user funds being compromised.

A Bold Deal with the Hacker

In response to the incident, ZKSync initiated an offer to the hacker on April 21, 2025, proposing a deal where the attacker could return 90% of the stolen tokens in exchange for keeping 10% as a bounty. The hacker surprisingly agreed, and by the platform’s 72-hour “safe harbor” deadline, nearly 45 million ZK tokens and over 1,700 Ethereum were returned to addresses controlled by the ZKSync Security Council.

Ensuring Safety for All Users

While the hack was a significant breach, ZKSync acted quickly to protect its users and its platform. Matter Labs, the current sequencer for ZKSync Era, implemented transaction filtering to block activity from the compromised addresses, ensuring no further harm could be done during the investigation. It’s worth noting that these centralized measures are a temporary solution and can be adjusted by governance at any time.

ZKSync’s governance body now holds the recovered tokens, and discussions will take place to determine the next course of action. This successful recovery is a rare example in the crypto sector, where many hacks remain unresolved.

What’s Next for ZKSync?

The ZKSync team has promised a final investigation report soon, and the platform’s ability to quickly recover stolen funds underscores the importance of robust security measures in the rapidly evolving world of blockchain technology. Despite the initial breach, ZKSync’s handling of the situation showcases its commitment to safeguarding its users and maintaining the integrity of its ecosystem.

In a statement, the team mentioned, “Only three specific airdrop contracts were impacted by the vulnerability. Core protocol systems and user funds were unaffected, ensuring that no further damage was done to the platform’s integrity.”

With governance now holding the recovered tokens, it remains to be seen what decisions will be made regarding the future of these assets.